Cryptojacking hackers target SMBs as big business and governments invest in cybersecurity

The federal Liberal government in its most recent budget committed more than $500 million to a new cybersecurity strategy to better combat cybercrime. The Communications Security Establishment (CSE) will receive more than $155 million over 5 years to create a new Canadian Centre for Cyber Security that consolidates its cyber expertise in one place. The centre’s mandate provides Canadian citizens and businesses a single place to turn about cybersecurity information. The responsibility for investigating cyber crimes remains with the RCMP.

The federal government wants to enhance its ability to investigate cybercrime, safeguard critical infrastructure and collaborate with financial and energy sectors to strengthen cybersecurity. The government is increasingly concerned about cyber attacks that expose the personal information of Canadians, the cost to businesses and the threat that puts the country’s critical infrastructure at risk.

Why are governments and big business taking notice of cybercrime?

In the past, cyber thieves focused on stealing information or money through schemes like Ransomware. More recently, new cybercrimes point to interference by outsiders with the US and other electoral systems. Another new cybercrime is called cryptojacking, which involves an attacker stealing a victim’s computing power to mine digital currencies through their web browser. In a short period of time, more than five million attacks globally occurred in the United States, Japan, the UK, France, Germany and Canada.

In February 2018, 4,000 websites globally and 200 in Canada experienced cryptojacking attacks. Visitors to these websites had their Web browsers hijacked that mined a foreign cryptocurrency, called Monero. Monero is a more anonymous cryptocurrency than the more popular Bitcoin. The affected websites is a concern for governments because they target less secure sites like public libraries, municipalities, school boards, public health organizations. In the most recent attack, Canadian organizations were attacked including Ontario’s Information and Privacy Commission, the city of Cambridge in Ontario, and the city of Yellowknife in North West Territories.

While users do not lose money, unwanted software is installed on computers that can cause problems. According to a security consultant in Sky News:

“That software could do anything. Sure, right now it’s crypto mining software, but maybe the malware author pushes an update and suddenly it’s now banking malware and it steals your online banking credentials.”

Another reason the Canadian government has invested heavily is that cyrptojacking attacks raise security concerns for municipalities that plan to use online voting in elections for the upcoming Ontario election in 2018 and federal election in 2019.

Aleksander Essex, who runs Whisper Lab, a cybersecurity research group at Western University says cyryptojacking attacks are a growing concern because they show how easily government municipal websites can be compromised. He describes a possible future scenario where instead of mining cryptocurrencies for financial gain, criminals might be able to download and steal votes to influence election outcomes. We saw evidence of this outside tampering by Russia in the last US presidential election. Canada and other countries are also concerned about tampering by foreign countries and hackers in future elections.

Three reasons SMBs should care about cybercrime

1. Cybercriminals target small businesses because they discover breaches later

According to Small Business Trends, between 2011 and 2015, the percent of total cyber attacks targeting small organizations increased from 15% to 43% of total attacks. Smaller organizations with fewer resources for cybersecurity are the primary target for cyryptojacking and Ransomware attacks. Criminals prefer targeting smaller businesses because their goal is to delay being discovered. In most cases, it can take months for a small business to discover they’ve been hacked.

According to a 2016 study by the Ponemon Institute, the most common reasons for security deficiencies were the lack of personnel (67%), and the absence of financial resources (54%). The consequence of lacking skilled security professions is that companies are reactive rather than proactive with problem-solving. They cannot do long-term planning and instead default to a “Break/Fix” approach to solving problems as a way to manage their technology. This approach results in higher stress and turnover among employees because they cannot meet deadlines due to workplace stoppages when technology breaks.

3. Unlike bigger organizations, SMBs rarely survive a cyber attack

When big organizations or governments are attacked, they experience short-term losses but often recover a few years later. In the case Target’s big cyber attack, the stock price and revenue rebounded after just a few years. According to a 2012 study by the National Cyber Security Alliance, 60 percent of small firms go out of business within six months after a data breach.

The impact is so dire for SMBs because they lack the security infrastructure of larger firms. They have not thought about security measures like systems monitoring, intrusion detection and event management systems. By the time a breach is discovered, real damage has already been done.

If big business and governments are getting serious about cybercrime, it stands to reason that SMBs must also follow. Cyber thieves target the lowest hanging fruit and the most vulnerable, which today are small and medium-sized businesses (SMBs)

The stakes are too higher for small business owners, who have spent their life building successful businesses, only to have a cyber breach force them to shut down because they are not prepared. The best approach an SMB can take is to get help for their specific challenges from IT security firms that have a proven track record working with similar businesses.